Siri, Google Assistant, Alexa Said to Be Vulnerable to New 'Dolphin Attack'
Tasneem Akolawala, 07 September 2017
Share on Facebook Tweet Share Share Email Reddit
HIGHLIGHTS
This hack uses ultrasound frequencies to attack AI assistants
Alexa, Siri, Google Assistant, Samsung S Voice are vulnerable to it
Researchers advice OEMs to stop supporting frequencies above 20KHz
Almost every other day researchers find new hacks to get into your smartphones, gadgets, and smart devices. Now, a group from China's Zheijiang University have found a new way to enter into your smartphones and open malicious websites and even gain access to connected smart devices if there are any using ultrasound frequencies. For this purpose, the hack takes advantage of what is known as the Dolphin Attack, where frequencies of over 20KHz are sent to a nearby smartphone to attack Siri, Google Assistant, Alexa, and other voice-based virtual assistants.
Microphones on a smartphone can catch frequencies above 20,000Hz, something that humans cannot hear. Voice assistants are able to catch these frequencies and take commands accordingly, without the knowledge of the owner. Taking advantage of this, the researchers translated human voice commands into ultrasound frequencies, and then played them back using very cheap components. The parts include a regular smartphone, an amplifier, an ultrasonic transducer, and a battery.
This method is said to work on all assistants like Siri, Alexa, Google Assistant, Samsung S Voice, Bixby, and on devices like iPad, MacBook, Amazon Echo, Audi Q3, and more. What makes this attack scary is that speech recognition can recognise this frequency easily on any device mentioned in the report, and this attack works even if the necessary security measures are in place. Furthermore, the attacker doesn't need any device access as well to carry out this hack. To demonstrate the effectiveness of the attack, researchers showed how they changed the navigation on an Audi Q3, and successfully commanded smartphones to do tasks like 'open dolphinattack.com', and 'open the back door'.
However, for this hack to work, there are certain preconditions. Firstly, the smartphone to which the signal needs to be transmitted to, has to be in a range of five to six feet from the transmitter, and not more. Also, in case of Siri and Google Assistant, you have to have the assistant activated. Furthermore, the user is immediately alerted as these assistants make a tone or reply back to these frequency commands. Therefore, the conditions include that the device has to be very near, the user has to leave their phone unlocked and voice assistant activated, and not be around the smartphone, or be distracted. All of these together are a very unlikely scenario, but something that can be worked around if the hacker seriously looks to do harm.
In any case, the researchers claim that the only simple solution for this hack, is for device makers to programme their AI assistants to ignore frequencies above 20kHz or cancel out any frequencies that humans cannot understand. Until then, keep your voice assistants deactivated, if you're really paranoid.
U.S. House unanimously approves sweeping self-driving car measure
David Shepardson
5 MIN READ
A self-driving car from PolySync drives on the track during a self-racing cars event at Thunderhill Raceway in Willows, California, U.S., April 1, 2017. REUTERS/Stephen Lam
WASHINGTON (Reuters) - The U.S. House on Wednesday unanimously approved a sweeping proposal to speed the deployment of self-driving cars without human controls by putting federal regulators in the driver’s seat and barring states from blocking autonomous vehicles.The House measure, the first significant federal legislation aimed at speeding self-driving cars to market, would allow automakers to obtain exemptions to deploy up to 25,000 vehicles without meeting existing auto safety standards in the first year. The cap would rise over three years to 100,000 vehicles annually.
Representative Doris Matsui said the bill “puts us on a path towards innovation which, up until recently, seemed unimaginable.” Automakers, business groups, and advocates for the blind praised the House measure. But one consumer group said the House bill did not do enough to ensure self-driving cars would be safe. Under the bill, manufacturers seeking exemptions must demonstrate self-driving cars are at least as safe as existing vehicles. States could still set rules on registration, licensing, liability, insurance and safety inspections, but not performance standards.Automakers would have to submit safety assessment reports to regulators, but the bill would not require pre-market approval of advanced vehicle technologies. The measure now goes to the Senate, where a bipartisan group of lawmakers has been working on similar legislation.
Automakers and technology companies, including General Motors Co and Alphabet Inc’s self-driving unit Waymo, hope to begin deploying vehicles around 2020. They have been pushing for new federal rules making it easier to deploy self-driving technology, but some consumer groups have sought additional safeguards.Current federal rules bar self-driving cars without human controls on U.S. roads. States have issued a variety of different rules in the absence of clear federal guidance, and automakers have complained that California’s rules are too restrictive.
U.S. senators might circulate their draft legislation this week. One sticking point is how to handle commercial self-driving trucks, which are not included in the House measure. The Senate version may also soften the provisions preempting state rules.Volkswagen AG (VOWG_p.DE) and other automakers have been lobbying Congress to act, often bringing test vehicles to Capitol Hill so lawmakers can test out driverless cars.
Advocates hope self-driving cars can help reduce U.S. road deaths, which rose 7.7 percent in 2015, the highest annual jump since 1966. The U.S. National Highway Traffic Safety Administration said in a 2014 study that U.S. traffic crashes cost society $836 billion a year in economic loss, with human error behind 94 percent of crashes.
Consumer advocates want to give the National Highway Traffic Safety Administration quicker access to crash data and more funding to oversee self-driving cars.“The autonomous vehicle bill just passed by the House leaves a wild west without adequate safety protections for consumers. It pre-empts any state safety standards, but there are none at the national level,” the Consumer Watchdog group said in a statement.
Two South Florida nuclear power plants lie in Irma’s path. Are they ready?
BY ALEX HARRIS
aharris@miamiherald.com
SEPTEMBER 06, 2017 2:00 PM
The last time a major hurricane hit the Turkey Point nuclear power plant, it caused $90 million in damage but left the nuclear reactors along southern Biscayne Bay unscathed.
In anticipation of powerful Hurricane Irma, which projections on Wednesday showed headed straight for South Florida, Florida Power & Light’s two nuclear plants were finalizing staffing plans and cleaning up the grounds. But neither Turkey Point nor the St. Lucie plant farther up the coast had made the call yet to shutting down the plants.
Peter Robbins, spokesman for FPL, said shutting down a reactor is a gradual process, and the decision will be made “well in advance” of the storm making landfall.
“If we anticipate there will be direct impacts on either facility we’ll shut down the units,” he said.
FPL has long defended the safety of its nuclear power plants, which both sit along the coast where they are potentially exposed to the strongest winds and storm surge of hurricanes. And Turkey Point weathered a Category 5 strike from Hurricane Andrew in 1992.
Hurricane Irma makes its way through St. Maarten and near Puerto Rico
Hurricane Irma moves through St. Maarten and near Puerto Rico on Wednesday, Sept. 6, 2017.
NOAA
Robbins said the plant’s reactors are encased in six feet of steel-reinforced concrete and sit 20 feet above sea level. Turkey Point has backup generators, extra fuel and, as a “backup to the backup,” replacement parts and materials can be flown in from Tennessee.
The St. Lucie Nuclear Power Plant is equally protected, Robbins said, and can withstand severe flooding from storm surges. St. Lucie’s nuclear plant survived Hurricanes Frances and Jeanne in 2005 and Wilma the year after.
When the eye of Andrew passed over Turkey Point, some facilities around the reactor buildings took a beating. Ultimately, the state’s oldest nuclear plant suffered $90 million in damages, including to systems that were supposed to be hurricane-proof.
One of the 400-foot smokestacks for the old oil-burning power plant was cracked in half, even though it was rated to survive 235-mph winds. Andrew blew down all but six of the 41 warning sirens within 10 miles of the plant. The storm left the plant running on backup generators for more than a week to cool the shut-down reactor. A main access road was blocked by debris.
“It handled Andrew as it was designed to,” Robbins said. “It’s one of the safest and most robust structures in the state, of not the country.”
Rick Scott says Hurricane Irma is "bigger, stronger and faster" than Andrew
Florida's Governor Rick Scott, 'this storm is bigger, stronger and faster", than Hurricane Andrew. He calls for the Florida's National Guard and evacuations.
Report: Drug company faked cancer patients to sell drug
By Aaron M. Kessler
Updated 9:02 PM ET, Wed September 6, 2017
Sen. Claire McCaskill, D-Mo., announces findings from the investigation on Capitol Hill.
Washington (CNN)When Insys Therapeutics got approval to sell an ultra-powerful opioid for cancer patients with acute pain in 2012, it soon discovered a problem: finding enough cancer patients to use the drug.
To boost sales, the company allegedly took patients who didn't have cancer and made it look like they did.
The drug maker used a combination of tactics, such as falsifying medical records, misleading insurance companies and providing kickbacks to doctors in league with the company, according to a federal indictment and ongoing congressional investigation by Sen. Claire McCaskill, a Democrat from Missouri.
The new report by McCaskill's office released Wednesday includes allegations about just how far the company went to push prescriptions of its sprayable form of fentanyl, Subsys.
Because of the high cost associated with Subsys, most insurers wouldn't pay for it unless it was approved in advance. That process, likely familiar to anyone who's taken an expensive medication, is called "prior-authorization."
So Insys set up an elaborate charade -- with employees that pretended to be doctors' offices -- to fool insurance companies into approving the drug, according to the Senate report.
Insys said in a statement provided to CNN on Wednesday that it disagreed with "certain characterizations in the staff report released today."
"The report relates to activities of former employees of our company and matters that the company has addressed in its own efforts and in connection with investigations by the Department of Justice and state attorney general offices," the company said, adding that "strengthening of our compliance program has been a significant focus for more than four years," and that Insys had "invested significant resources in establishing an effective compliance program."
The Senate report documented how beginning in 2014, when someone needed to obtain prior approval for a Subsys prescription, it was actually an Insys employee who called the insurer and its affiliates to persuade them. The insurers thought they were talking to someone who worked for the actual patient's doctor, and the Insys employees had a carefully crafted script designed to intentionally leave that impression, according to the report.
Insys even went so far as to obscure its outgoing phone number on caller IDs, so that calls wouldn't be traced back to the company, the report said. And if an insurer needed a phone number for a return call, company employees "reportedly provided a 1-800 number manned by another Insys representative -- instead of contact information for the prescribing physician," according to McCaskill's report.
During such calls, there was usually a key question: did the patient have acute pain caused by cancer, known as "breakthrough" pain? Cancer was a requirement for prior clearance to prescribe Subsys.
Insys got around this by finding calculated ways for its employees to create the impression on the phone calls that the answer was yes, they did have cancer, without explicitly saying so, according to the report.
A recording of a such a call, obtained by McCaskill's investigators and released Wednesday, shows the wordplay Insys employees engaged in.
The call involves a New Jersey woman named Sarah Fuller, who did not have cancer but was nevertheless prescribed Subsys by her doctor. Fuller died last year of a Subsys overdose, and state authorities later petitioned to have her doctor's license temporarily suspended.
Hurricane Irma makes landfall in Caribbean with Florida at center of projected path
Hurricane Irma — with its ferocious 185 mph winds — made landfall in the Caribbean early Wednesday, slamming into Barbuda and Antigua as it headed for Puerto Rico, with Florida now directly in the center of the projected path by the weekend.
The catastrophic Category 5 storm, the most powerful Atlantic storm on record, is expected to bring strong storm surges and up to 20 inches of rain in some places.
Irma is moving west-northwest at 16 mph, according to the National Hurricane Center’s advisory at 5 a.m. Wednesday, with the track shifting slightly to the east. The Bahamas government has issued a hurricane warning for the southwestern stretch of islands and the Turks and Caicos, as well as a hurricane watch for Central Bahamas.
Twitter Ads info and privacy
The National Weather Service said the eye of Hurricane Irma passed over Barbuda around 1:47 a.m. Wednesday, according to The Associated Press. Residents said over local radio that phone lines went down as the eye passed.
The forecast had the dangerous core of Irma pummeling the island chain into Wednesday morning, then moving over the U.S. and British Virgin Islands Wednesday. By late Wednesday, Irma is expected to pass the northern coast of Puerto Rico. From there, it’s expected to hit the northern coast of Haiti and the Dominican Republic before heading to Cuba.
In the last few hours, the storm got a little smaller, with winds extending outward of 50 miles from the center.
Hurricane warnings, which means that the storm is imminent, were in effect for much of the Caribbean, Puerto Rico and parts of the Dominican Republic.
Watches, typically issued 48 hours before a storm is expected to hit, were in effect for the provinces of Matanzas eastward to Guantanamo in Cuba.
The latest advisory showed Irma had made a turn and was heading a bit north instead of just west.
The storm is expected to produce a storm surge as high as 15 to 20 feet, including the Turks and Caicos Islands and the southeastern Bahamas, the advisory said. Rainfall could reach up to 20 inches in some spots.
“The combination of a life-threatening storm surge and the tide will cause normally dry areas near the coast to be flooded by rising waters moving inland from the shoreline,” the advisory said.
It was still not clear Tuesday night whether a collision between a high-pressure system and a low-pressure trough moving across the United States will change Irma’s direction.
The current trajectory still shows much of Florida in the storm’s path with the storm expected to hit South Florida by Sunday.
Empty shelves everywhere, but retailers say supplies are on the way
The Atlantic’s most powerful hurricane ever outside the Gulf of Mexico and the Caribbean is expected to pound Florida with damaging winds, but where, and just how bad the state gets hit, remains unclear.
Irma has been churning west, on a path that began slamming the Leeward Islands on Tuesday night, as it rolls toward the Virgin Islands and Puerto Rico. It’s being steered by a high pressure ridge that in the coming days is expected to collide with a low pressure trough moving across the U.S. When they meet, the ridge should weaken and allow Irma to sneak north, determining where the hurricane’s fiercest winds land. But so far, models have not been able to agree on where that critical turn happens.
Put Florida’s skinny peninsula in the path of such a monster storm — hurricane winds stretch 120 miles, Florida is just 160 miles wide — and it means storm conditions could be widespread.
Forecasters said Tuesday evening that models generally agree over the next 72 hours, but after that they begin to spread, raising uncertainty. Due to track errors ranging from 175 to 225 miles, they warned that more attention should be paid to the forecast cone.
In Puerto Rico, the electric company warned the island could be without power for four to six months while the government prepared to open 456 shelters capable of housing more than 62,000 people. The Turks and Caicos has ordered Salt Cay, its southernmost inhabited island, evacuated beginning Wednesday.
RUSSIA IS PREPARING FOR A MASSIVE WAR, BUT WE DON'T KNOW WHERE, WARNS UKRAINIAN PRESIDENT
WORLDUKRAINERUSSIABELARUSNATOBALTICS
Ukrainian President Petro Poroshenko claimed Thursday that the upcoming Russian military drill in Belarus shows Moscow is preparing its forces for a much bigger conflict. The comments came during his annual address to parliament.
Russia’s backing of separatists in the eastern region of Ukraine and its annexation of Crimea show no sign of being reversed, Poroshenko added according to Ukrainian news site Ukrainska Pravda. On the contrary, Ukraine thinks the Kremlin’s military ambitions are only going to grow.
“There are no signs at the moment that Moscow would be ready to pull back from Donbas or leave Crimea,” Poroshenko said. “In fact, there is more and more evidence for its preparations for an offensive war of continental proportions.”
The drill between Russia and Belarus near NATO’s borders has concerned western allies who do not believe Moscow's public claims that the drill will involve fewer than 13,000 troops and will focus on defensive tactics.
Baltic NATO allies have stressed that the map of the exercise effectively paints themas the enemy and Lithuania has accused Russia of simulating war with NATO in the drill. Former Georgian President Mikheil Saakashvili has also warned that the drill could be used to move Russian troops into Belarus and leave them there after the drill is finished, something that could even lead to “annexation.”
Ukraine, which borders both Russia and Belarus, should also brace itself for any deployment near its territory, Poroshenko said on Thursday.
"Under the guise of strategic command exercises, we are not ruling out the creation of a new assault group of Russian troops to strike Ukrainian territory,” Poroshenko said. “Some 2,000 transporters with soldiers and equipment have approached and are approaching our borders. There is no guarantee that after the end of these maneuvers all this will return to Russia.”
As a precaution, Ukraine has strengthened its border security, Poroshenko told parliament. The Zapad drill is only intended to last around a week, though with a handful of other drills in the nearby regions of Russia over two months, the Ukrainian leader said Moscow was evaluating its capabilities along a hypothetical Western front.
“Obviously the Kremlin is checking how ready not only the Russian military but the entire Russian state is for a big war with the West,” he concluded.
Chinese Man Jailed For Nine Months For Selling VPN Software
ON SEPTEMBER 4, 2017
C: 63
BREAKING
A man who sold VPN software via a website has been sentenced to nine months in prison by a Chinese court. The decision, handed down earlier this year but only just made public, notes that the software supplied by the man allowed the public to circumvent China's Great Firewall while granting access to foreign websites.
Back in January, China’s Ministry of Industry and Information Technology announced that due to Internet technologies and services expanding in a “disorderly” fashion, regulation would be needed to restore order.
The government said that it would take measures to “strengthen network information security management” and would embark on a “nationwide Internet network access services clean-up.”
One of the initial targets was reported as censorship-busting VPNs, which allow citizens to evade the so-called Great Firewall of China. Operating such a service without a corresponding telecommunications business license would constitute an offense, the government said.
The news was met with hostility, with media and citizens alike bemoaning Chinese censorship. Then early July, a further report suggested that the government would go a step further by ordering ISPs to block VPNs altogether. This elicited an immediate response from local authorities, who quickly denied the reports, blaming “foreign media” for false reporting.
But it was clear something was amiss in China. Later that month, it was revealed that Apple had banned VPN software and services from its app store.
“We are writing to notify you that your application will be removed from the China App Store because it includes content that is illegal in China, which is not in compliance with the App Store Review Guidelines,” Apple informed developers.
With an effort clearly underway to target VPNs, news today from China suggests that the government is indeed determined to tackle the anti-censorship threat presented by such tools. According to local media, Chinese man Deng Jiewei who ran a small website through which he sold VPN software, has been sentenced to prison.
The 26-year-old, from the city of Dongguan in the Guangdong province, was first arrested in October 2016 after setting up a website to sell VPNs. Just two products were on offer but this was enough to spring authorities into action.
A prosecution notice, published by Chinese publication Whatsonweibo, reveals the university educated man was arrested “on suspicion of providing tools for illegal control of a computer information system.”
It’s alleged that the man used several phrases to market the VPNs including “VPN over the wall” and “Shadow shuttle cloud”. The business wasn’t particularly profitable though, generating just 13957 yuan ($2,133) since October 2015.
“The court held that the defendant Deng Jiewei disregarded state law, by providing tools specifically for the invasion and illegal control of computer information systems procedures,” the Guandong Province’s First People’s Court said in its ruling, handed down earlier this year but only just made public.
Report: Egypt security forces 'routinely torture political detainees'
By Laura Smith-Spark, CNN
Updated 1449 GMT (2249 HKT) September 7, 2017
An Egyptian policeman stands guard in Cairo's Tahrir Square on January 25, 2017.
(CNN)Egypt's police and National Security officers are carrying out widespread and systematic torture of political prisoners, which probably amounts to a crime against humanity, rights group Human Rights Watch (HRW) said in a report released Wednesday.
Security forces "routinely torture political detainees with techniques including beatings, electric shocks, stress positions, and sometimes rape," the group claimed.
Prosecutors typically ignore prisoners' complaints and sometimes also threaten them with torture, it said, "creating an environment of almost total impunity," HRW said in a press release accompanying the report.
According to HRW, allegations of torture by Egypt's security forces have been widespread since President Abdel Fattah el-Sisi came to power in 2013, having ousted former President Mohamed Morsy in a military coup.
Sisi "has effectively given police and National Security officers a green light to use torture whenever they please," Joe Stork, deputy Middle East director at Human Rights Watch, said in a statement. "Impunity for the systematic use of torture has left citizens with no hope for justice."
In a statement on Thursday, Egyptian Foreign Ministry spokesman Ahmed Abu Zeid criticized the report as "flimsy" and said it marked "a new episode in a series of deliberate defamation by such organization, whose politicized agenda and biases are well known and reflect the interests of the entities and countries sponsoring it."
Margert Azer, a member of the parliamentary committee on human rights, told state-run daily Al-Ahram on Wednesday that HRW is "a dubious organization that promotes lies. Its reports are erroneous and contain undocumented and inaccurate information."
The rights group said its report was based on interviews with 19 former detainees, along with the family of a 20th detainee, who were tortured between 2014 and 2016. It also reviewed dozens of reports about torture by Egyptian human rights groups and media outlets.
The former detainees interviewed by HRW "described what amounted to an assembly line of abuse aimed at preparing fabricated cases against suspected dissidents, beginning at the point of arbitrary arrest, progressing to torture and interrogation during periods of enforced disappearance, and concluding with presentation before prosecutors, who often pressure detainees to confirm their confessions and take no measures to investigate the violations against them," the report said.
Egyptian President Abdel Fattah el-Sisi, pictured at the White House on April 3, 2017, came to power in a 2013 military coup.
'Severe pain'
Egypt's constitution prohibits torture, intimidation, coercion, and "physically or morally" harming detainees. It also provides that any statement made under torture or threat of torture should be disregarded.
However, Egypt has failed to meet these basic commitments under international human rights law, the rights group claimed.
"Of the 20 cases documented by Human Rights Watch, 13 detainees were tortured in National Security offices, five in police stations, and two in both places," the group said.
"The former detainees said that torture sessions begin with security officers using electric shocks on a blindfolded, stripped, and handcuffed suspect while slapping and punching him or beating him with sticks and metal bars. If the suspect fails to give the officers the answers they want, the officers increase the power and duration of the electric shocks and almost always shock the suspect's genitals," said a news release accompanying the report.
"Officers then employ two types of stress positions to inflict severe pain on suspects, the detainees said." Security officers continued to beat and shock the detainees while they were in these positions, which they were forced to hold for hours, it added.
All but one of the former detainees interviewed by HRW said they had told prosecutors about the abuse they suffered, but none saw any evidence that action was taken to investigate, the group said.
UN: Torture 'systematic' in Egypt
HRW called for Sisi's government to appoint an independent special prosecutor to inspect detention sites, investigate claims of abuse and prosecute perpetrators.
"Past impunity for torture caused great harm to hundreds of Egyptians and laid the conditions for the 2011 revolt," Stork said. "Allowing the security services to commit this heinous crime across the country invites another cycle of unrest."
But the group also noted that the "specific practices documented in this report are far from new," saying it had first documented claims of torture by security forces in Egypt as early as 1992.
The UN Committee Against Torture concluded in its 2017 report that it had reached "the inescapable conclusion that torture is a systematic practice in Egypt" and that "perpetrators of torture almost universally enjoy impunity" despite Egyptian laws prohibiting its use.
The committee urged the Egyptian authorities immediately to end the practice of torture and ill-treatment in all places of detention, to institute a zero-tolerance approach to torture and to prosecute the perpetrators, including those with command responsibility.
The same UN report said Egypt had disputed the admissibility and reliability of the information on torture provided to the UN panel by non-governmental organizations.
The committee added that Egypt "asserts that torture is not a systematic practice in Egypt and that, while some incidents of torture may have occurred, they are isolated incidents, which are investigated by the authorities."
Share with your friends: |